Current intrusion detection systems include hardware-based solutions such as firewall or proxy server implementations, human-based solutions including security centers, and automated systems including log monitoring. In the case of intruders, monitoring systems typically notify a security center for maintenance. This maintenance may include blocking a particular internet protocol (IP) address and checking logs.
In these cases, once an analysis system (e.g. a hack checking system, etc.) becomes involved, there is typically not enough time to perform comprehensive checks to identify the intruder or to check for ways to identify the particular hacking method used, especially in real time. Even if a defense system manages to block an intruder's IP address, the intruder will usually find a way to bypass that particular IP address and retry the same attack.
At the end of an attack event, security personnel may begin to investigate the circumstances of the intrusion in order to prevent future attacks of the same type from the same hacking flow. The current process is time-intensive and uses many human resources.
There is thus a need for addressing these and/or other issues associated with the prior art.